Examples with ClientDetails org.springframework.security.oauth2.provider.ClientDetails used on opensource projects

Search in sources :

Example 11 with ClientDetails

use of org.springframework.security.oauth2.provider.ClientDetails in project spring-security-oauth by spring-projects.

the class JdbcClientDetailsServiceTests method testUpdateClientSecret.

@Test
public void testUpdateClientSecret() {
    BaseClientDetails clientDetails = new BaseClientDetails();
    clientDetails.setClientId("newClientIdWithNoDetails");
    service.setPasswordEncoder(new PasswordEncoder() {

        public boolean matches(CharSequence rawPassword, String encodedPassword) {
            return true;
        }

        public String encode(CharSequence rawPassword) {
            return "BAR";
        }
    });
    service.addClientDetails(clientDetails);
    service.updateClientSecret(clientDetails.getClientId(), "foo");
    Map<String, Object> map = jdbcTemplate.queryForMap(SELECT_SQL, "newClientIdWithNoDetails");
    assertEquals("newClientIdWithNoDetails", map.get("client_id"));
    assertTrue(map.containsKey("client_secret"));
    assertEquals("BAR", map.get("client_secret"));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) Test(org.junit.Test)

Example 12 with ClientDetails

use of org.springframework.security.oauth2.provider.ClientDetails in project spring-security-oauth by spring-projects.

the class JdbcClientDetailsServiceTests method testLoadingClientIdWithSingleDetails.

@Test
public void testLoadingClientIdWithSingleDetails() {
    jdbcTemplate.update(INSERT_SQL, "clientIdWithSingleDetails", "mySecret", "myResource", "myScope", "myAuthorizedGrantType", "myRedirectUri", "myAuthority", 100, 200, "true");
    ClientDetails clientDetails = service.loadClientByClientId("clientIdWithSingleDetails");
    assertEquals("clientIdWithSingleDetails", clientDetails.getClientId());
    assertTrue(clientDetails.isSecretRequired());
    assertEquals("mySecret", clientDetails.getClientSecret());
    assertTrue(clientDetails.isScoped());
    assertEquals(1, clientDetails.getScope().size());
    assertEquals("myScope", clientDetails.getScope().iterator().next());
    assertEquals(1, clientDetails.getResourceIds().size());
    assertEquals("myResource", clientDetails.getResourceIds().iterator().next());
    assertEquals(1, clientDetails.getAuthorizedGrantTypes().size());
    assertEquals("myAuthorizedGrantType", clientDetails.getAuthorizedGrantTypes().iterator().next());
    assertEquals("myRedirectUri", clientDetails.getRegisteredRedirectUri().iterator().next());
    assertEquals(1, clientDetails.getAuthorities().size());
    assertEquals("myAuthority", clientDetails.getAuthorities().iterator().next().getAuthority());
    assertEquals(new Integer(100), clientDetails.getAccessTokenValiditySeconds());
    assertEquals(new Integer(200), clientDetails.getRefreshTokenValiditySeconds());
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) Test(org.junit.Test)

Example 13 with ClientDetails

use of org.springframework.security.oauth2.provider.ClientDetails in project spring-security-oauth by spring-projects.

the class JdbcClientDetailsServiceTests method testLoadingClientIdWithSingleDetailsInCustomTable.

@Test
public void testLoadingClientIdWithSingleDetailsInCustomTable() {
    jdbcTemplate.update(CUSTOM_INSERT_SQL, "clientIdWithSingleDetails", "mySecret", "myResource", "myScope", "myAuthorizedGrantType", "myRedirectUri", "myAuthority");
    JdbcClientDetailsService customService = new JdbcClientDetailsService(db);
    customService.setSelectClientDetailsSql("select appId, appSecret, resourceIds, scope, " + "grantTypes, redirectUrl, authorities, access_token_validity, refresh_token_validity, additionalInformation, autoApproveScopes from ClientDetails where appId = ?");
    ClientDetails clientDetails = customService.loadClientByClientId("clientIdWithSingleDetails");
    assertEquals("clientIdWithSingleDetails", clientDetails.getClientId());
    assertTrue(clientDetails.isSecretRequired());
    assertEquals("mySecret", clientDetails.getClientSecret());
    assertTrue(clientDetails.isScoped());
    assertEquals(1, clientDetails.getScope().size());
    assertEquals("myScope", clientDetails.getScope().iterator().next());
    assertEquals(1, clientDetails.getResourceIds().size());
    assertEquals("myResource", clientDetails.getResourceIds().iterator().next());
    assertEquals(1, clientDetails.getAuthorizedGrantTypes().size());
    assertEquals("myAuthorizedGrantType", clientDetails.getAuthorizedGrantTypes().iterator().next());
    assertEquals("myRedirectUri", clientDetails.getRegisteredRedirectUri().iterator().next());
    assertEquals(1, clientDetails.getAuthorities().size());
    assertEquals("myAuthority", clientDetails.getAuthorities().iterator().next().getAuthority());
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) JdbcClientDetailsService(org.springframework.security.oauth2.provider.client.JdbcClientDetailsService) Test(org.junit.Test)

Example 14 with ClientDetails

use of org.springframework.security.oauth2.provider.ClientDetails in project spring-security-oauth by spring-projects.

the class AccessConfirmationController method getAccessConfirmation.

@RequestMapping("/oauth/confirm_access")
public ModelAndView getAccessConfirmation(Map<String, Object> model, Principal principal) throws Exception {
    AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");
    ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
    model.put("auth_request", clientAuth);
    model.put("client", client);
    Map<String, String> scopes = new LinkedHashMap<String, String>();
    for (String scope : clientAuth.getScope()) {
        scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
    }
    for (Approval approval : approvalStore.getApprovals(principal.getName(), client.getClientId())) {
        if (clientAuth.getScope().contains(approval.getScope())) {
            scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(), approval.getStatus() == ApprovalStatus.APPROVED ? "true" : "false");
        }
    }
    model.put("scopes", scopes);
    return new ModelAndView("access_confirmation", model);
}
Also used : AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) ModelAndView(org.springframework.web.servlet.ModelAndView) Approval(org.springframework.security.oauth2.provider.approval.Approval) LinkedHashMap(java.util.LinkedHashMap) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 15 with ClientDetails

use of org.springframework.security.oauth2.provider.ClientDetails in project spring-security-oauth by spring-projects.

the class DefaultTokenServicesWithInMemoryTests method testDifferentRefreshTokenMaintainsState.

@Test
public void testDifferentRefreshTokenMaintainsState() throws Exception {
    // create access token
    getTokenServices().setAccessTokenValiditySeconds(1);
    getTokenServices().setClientDetailsService(new ClientDetailsService() {

        public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception {
            BaseClientDetails client = new BaseClientDetails();
            client.setAccessTokenValiditySeconds(1);
            client.setAuthorizedGrantTypes(Arrays.asList("authorization_code", "refresh_token"));
            return client;
        }
    });
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false, Collections.singleton("read")), new TestAuthentication("test2", false));
    DefaultOAuth2AccessToken firstAccessToken = (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication);
    OAuth2RefreshToken expectedExpiringRefreshToken = firstAccessToken.getRefreshToken();
    // Make it expire (and rely on mutable state in volatile token store)
    firstAccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
    // create another access token
    OAuth2AccessToken secondAccessToken = getTokenServices().createAccessToken(expectedAuthentication);
    assertFalse("The new access token should be different", firstAccessToken.getValue().equals(secondAccessToken.getValue()));
    assertEquals("The new access token should have the same refresh token", expectedExpiringRefreshToken.getValue(), secondAccessToken.getRefreshToken().getValue());
    // refresh access token with refresh token
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", Collections.singleton("read"), null);
    getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertEquals(1, getAccessTokenCount());
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) ClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService) OAuth2Exception(org.springframework.security.oauth2.common.exceptions.OAuth2Exception) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Date(java.util.Date) Test(org.junit.Test)

Aggregations

ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)44 Test (org.junit.Test)36 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)30 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)27 Authentication (org.springframework.security.core.Authentication)21 ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)20 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)19 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)19 Date (java.util.Date)13 HashMap (java.util.HashMap)12 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)8 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)7 ClientDetailsService (org.springframework.security.oauth2.provider.ClientDetailsService)7 DBUnitTest (org.orcid.test.DBUnitTest)6 AnnotationConfigServletWebServerApplicationContext (org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext)6 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)6 OAuth2Exception (org.springframework.security.oauth2.common.exceptions.OAuth2Exception)6 AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)6 OrcidOauth2ClientAuthentication (org.orcid.core.oauth.OrcidOauth2ClientAuthentication)5 InvalidClientException (org.springframework.security.oauth2.common.exceptions.InvalidClientException)5
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial